avoid sql injection on demo code
Takashi Kanemoto committed Nov 4, 2014
1 parent f1616a5 commit 619de47
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions demo/index.php
Expand Up @@ -35,10 +35,10 @@

$page = $request->get('page', 1);
$limit = $request->get('limit', 10);
$sort = $request->get('sort', 'id');
$direction = $request->get('direction', 'asc');
$sort = $app['db']->quoteIdentifier($request->get('sort', 'id'));
$direction = $request->get('direction') === 'desc' ? 'DESC' : 'ASC';

$sql = "select * from sample order by \"{$sort}\" {$direction}";
$sql = "select * from sample order by {$sort} {$direction}";
$array = $app['db']->fetchAll($sql);

$pagination = $app['knp_paginator']->paginate($array, $page, $limit);
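Review bot: The new `$sort` line escapes the client-supplied column name so it cannot break out of the identifier quoting, but it still forwards any name the client sends to the database; a name that is not a column of `sample` makes the `fetchAll` call two lines later fail with a database error, and a demo that surfaces exceptions then shows the query text and schema details to the caller. An allowlist of sortable columns is the usual defence for ORDER BY and makes the fallback explicit rather than an error path, e.g. `$requested = $request->get('sort', 'id'); $sort = in_array($requested, ['id' /* other sortable columns */], true) ? $app['db']->quoteIdentifier($requested) : $app['db']->quoteIdentifier('id');`. The `$direction` rewrite already follows this pattern by collapsing anything other than `desc` to `ASC`. `$page` and `$limit` are still passed to the paginator unvalidated; casting them with `(int)` and clamping to a minimum of 1 would keep a request like `limit=0` or a non-numeric value from reaching it, though whether the paginator already guards this is not visible here. The script continues past the end of the hunk.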
